TechSpot

Sirefef trojan

By tesher07
Jul 18, 2012
  1. So like many others apparently, I also just got the Sirefef.FC Trojan as well.

    Malwarebytes log

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.18.01

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Tesher :: TESHER-PC [administrator]

    7/17/2012 7:49:59 PM
    mbam-log-2012-07-17 (19-49-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 254722
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Tesher\AppData\Local\temp\468187657.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

    (end)

    No GMER log
     
  2. tesher07

    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Tesher at 22:10:26 on 2012-07-17
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1596 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Windows\System32\StikyNot.exe
    C:\Users\Tesher\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Razer Mamba Driver] c:\program files\razer\mamba\RazerTray.exe
    mRun: [Razer Mamba Elite Driver] c:\program files\razer\mamba\RazerMambaSysTray.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\tesher\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tesher\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\tesher\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{104E8F57-1D5A-4C18-9EED-220B195F270B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{78AAEFE7-C15C-42F4-8035-1513D0CB0B92} : DhcpNameServer = 172.27.35.1
    TCP: Interfaces\{9F8777B4-9E4D-448D-B59D-14A87D965EDD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\tesher\appdata\roaming\mozilla\firefox\profiles\1mp7cys1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\tesher\appdata\roaming\mozilla\firefox\profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-5 239168]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-17 655944]
    R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-14 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-17 22344]
    R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-5 1153368]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
    S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-10 245760]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2012-1-4 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-1-4 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-6 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-18 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-07-18 03:40:23 -------- d-----w- C:\MGtools
    2012-07-18 03:23:03 -------- d-----w- c:\program files\HitmanPro
    2012-07-18 03:22:51 -------- d-----w- c:\programdata\HitmanPro
    2012-07-18 02:44:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-18 02:44:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-18 02:36:10 1669749 ----a-w- C:\MGtools.exe
    2012-07-18 02:18:59 -------- d-----w- c:\program files\CCleaner
    2012-07-17 20:19:41 -------- d-----w- c:\users\tesher\appdata\local\{72D2E207-9BEC-4B3D-B094-C2AE0146AF34}
    2012-07-17 20:19:30 -------- d-----w- c:\users\tesher\appdata\local\{49B642CB-F60D-4CD2-BBC9-16F85457F4CD}
    2012-07-17 19:27:51 -------- d-sh--w- c:\programdata\SecuROM
    2012-07-17 19:27:12 -------- d-----w- c:\users\tesher\appdata\local\Rockstar Games
    2012-07-17 19:25:34 -------- d-----w- c:\windows\system32\xlive
    2012-07-17 19:25:31 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2012-07-17 15:28:04 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{241ac0c4-1e0d-4496-9852-0115d46acae9}\mpengine.dll
    2012-07-17 06:49:05 -------- d-----w- c:\users\tesher\appdata\local\{9033BBDE-B18F-41C4-8BDE-694505B8FB38}
    2012-07-17 06:48:53 -------- d-----w- c:\users\tesher\appdata\local\{22BB550A-55E1-4EBA-BADE-9E5981F84D73}
    2012-07-15 18:39:26 -------- d-----w- c:\users\tesher\appdata\local\{1079D21D-1954-405C-803F-A70A345F4B3D}
    2012-07-15 18:39:15 -------- d-----w- c:\users\tesher\appdata\local\{3A780B87-8E6E-4AC2-849F-C82305287C22}
    2012-07-14 04:42:30 -------- d-----w- c:\users\tesher\appdata\local\{8AAEED72-CA2E-4D4A-9AE9-9306A2F096A8}
    2012-07-14 04:42:20 -------- d-----w- c:\users\tesher\appdata\local\{B85AED15-6FBC-4235-A14B-60C0C54E23DD}
    2012-07-12 08:16:38 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-12 08:15:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-09 20:55:44 -------- d-----w- c:\users\tesher\appdata\local\{9738F34F-1C48-4340-918E-C63B58902A03}
    2012-07-09 20:55:34 -------- d-----w- c:\users\tesher\appdata\local\{D59D90FF-873B-4075-8069-91B1935D39E4}
    2012-07-09 03:44:03 -------- d-----w- c:\users\tesher\appdata\local\Activision
    2012-07-08 22:03:10 -------- d-----w- c:\program files\iTunes
    2012-07-08 22:03:10 -------- d-----w- c:\program files\iPod
    2012-07-08 21:57:11 -------- d-----w- c:\users\tesher\appdata\local\{FBA42229-6A42-4A90-9E62-B342EA0FB138}
    2012-07-08 21:56:57 -------- d-----w- c:\users\tesher\appdata\local\{D42AAD77-78C1-4EC1-8E80-21F4AF20E381}
    2012-06-28 10:27:55 -------- d-----w- c:\users\tesher\appdata\local\{9BC45243-858C-441B-B556-1F4563B7FB16}
    2012-06-28 10:27:45 -------- d-----w- c:\users\tesher\appdata\local\{D5BA5CB4-29A6-453C-A457-BF3EFD79303B}
    2012-06-24 21:56:42 -------- d-----w- c:\users\tesher\appdata\local\{784E8ADC-5645-4A16-AB92-3193204DA728}
    2012-06-24 21:56:31 -------- d-----w- c:\users\tesher\appdata\local\{8E1490DC-CD15-488D-954E-2D497903F468}
    2012-06-23 17:26:55 -------- d-----w- c:\users\tesher\appdata\local\Macromedia
    2012-06-23 08:11:34 -------- d-----w- c:\users\tesher\appdata\local\dxhr
    2012-06-23 08:07:13 -------- d-----w- c:\users\tesher\appdata\local\28050
    2012-06-23 00:33:42 -------- d-----w- c:\users\tesher\appdata\local\{A93143B5-420C-499E-ACB8-85BCCCD2EE09}
    2012-06-23 00:33:31 -------- d-----w- c:\users\tesher\appdata\local\{DC301882-CEDD-49FB-A379-F7AED0FA8974}
    2012-06-22 06:03:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 06:02:46 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 06:02:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 06:02:22 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 15:06:42 -------- d-----w- c:\users\tesher\appdata\local\{1D3E46EE-4814-4D26-AB34-DC98C41A4F1B}
    2012-06-21 15:06:31 -------- d-----w- c:\users\tesher\appdata\local\{EE11E6FB-C59C-49B1-B262-5524AB9E6971}
    2012-06-21 04:46:49 -------- d-----w- c:\users\tesher\appdata\local\{8D0FD221-B720-4F34-8B86-D0C088A9D94A}
    2012-06-20 20:20:20 -------- d-----w- c:\users\tesher\appdata\local\{8C0365DE-1A50-4908-8097-0158F137447B}
    2012-06-20 20:20:08 -------- d-----w- c:\users\tesher\appdata\local\{EA9F6293-5A66-49CC-A977-6121B69989B5}
    2012-06-19 21:15:34 -------- d-----w- c:\users\tesher\appdata\local\{24C4B6F1-E952-4FF8-8191-F6AEA52B2646}
    2012-06-19 21:15:24 -------- d-----w- c:\users\tesher\appdata\local\{4260D7C6-863B-4B6B-A895-E1FDC48AE6A0}
    2012-06-19 09:14:50 -------- d-----w- c:\users\tesher\appdata\local\{9D7984BE-FEE6-40D2-9B49-38C47CF625AF}
    2012-06-19 09:14:40 -------- d-----w- c:\users\tesher\appdata\local\{5E6AFF71-76F7-413A-88C7-6DBC9FAB7333}
    2012-06-18 21:14:15 -------- d-----w- c:\users\tesher\appdata\local\{D01CBB46-372C-49DA-AD6E-686F7F118808}
    .
    ==================== Find3M ====================
    .
    2012-07-17 19:26:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-07-13 03:50:09 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-07-13 03:50:09 139152 ----a-w- c:\users\tesher\appdata\roaming\PnkBstrK.sys
    2012-07-13 03:49:56 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-07-13 03:49:50 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2012-07-13 03:49:50 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-07-13 02:05:54 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-07-11 23:59:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-11 23:59:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-27 07:37:42 281032 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2009-03-13 18:58:59 550248 ----a-r- c:\program files\DeployUi.dll
    2009-03-13 18:58:59 106344 ----a-r- c:\program files\LiteHtml.dll
    2009-03-13 18:58:58 87704 ----a-r- c:\program files\AcSetup.dll
    2009-03-13 18:58:58 6808 ----a-r- c:\program files\AcSetupRes.dll
    2009-03-13 18:58:56 161640 ----a-r- c:\program files\AcDelTree.exe
    .
    ============= FINISH: 22:10:49.12 ===============
     
  3. tesher07

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/18/2011 4:40:41 PM
    System Uptime: 7/17/2012 8:15:47 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0TP406
    Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz | CPU | 2992/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1397 GiB total, 491.964 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB HS-CF Card
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-CF_CARD&REV_7.08#000001013CB3&0#
    Manufacturer: DELL
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-CF_CARD&REV_7.08#000001013CB3&0#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB HS-MS Card
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-MS_CARD&REV_7.08#000001013CB3&2#
    Manufacturer: DELL
    Name: H:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-MS_CARD&REV_7.08#000001013CB3&2#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB HS-SD Card
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-SD_CARD&REV_7.08#000001013CB3&3#
    Manufacturer: DELL
    Name: I:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-SD_CARD&REV_7.08#000001013CB3&3#
    Service: WUDFRd
    .
    Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
    Description: XPS MiniView
    Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
    Manufacturer: Microsoft Co
    Name: XPS MiniView
    PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB HS-xD/SM
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-XD#SM&REV_7.08#000001013CB3&1#
    Manufacturer: DELL
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB___HS-XD#SM&REV_7.08#000001013CB3&1#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP173: 7/12/2012 1:15:04 AM - Windows Update
    RP175: 7/12/2012 6:27:27 PM - Installed DirectX
    RP176: 7/12/2012 6:28:57 PM - Installed GameSpy Comrade.
    RP178: 7/15/2012 6:27:45 PM - Installed DirectX
    RP179: 7/17/2012 8:25:55 AM - Windows Update
    RP181: 7/17/2012 12:21:07 PM - Installed DirectX
    RP183: 7/17/2012 12:23:32 PM - Installed DirectX
    RP185: 7/17/2012 12:25:37 PM - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Able2Extract Professional 7.0
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Common File Installer
    Adobe Community Help
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Viewer CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS5
    Adobe Photoshop Elements 6.0
    Adobe Premiere Elements 4.0
    Adobe Premiere Elements 4.0 Templates
    Adobe Reader X (10.1.3)
    Adobe Setup
    Adobe Shockwave Player
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Soundbooth CS3 Scores
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Age of Empires® III: Complete Collection
    AI War: Fleet Command
    Amnesia: The Dark Descent
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Autodesk 3ds Max 2010 32-bit
    Autodesk 3ds Max 2010 32-bit Additional Files (2010.06.08)
    Autodesk Backburner 2008.1
    Autodesk FBX Plugin 2009.4 - 3ds Max 2010
    Battlefield 2
    Bing Bar
    Bonjour
    Brawl Busters
    Brother MFL-Pro Suite MFC-J615W
    CCleaner
    Company of Heroes: Tales of Valor
    Creative ALchemy
    Creative Audio Control Panel
    Creative Console Launcher
    Creative MediaSource
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties
    Creative WaveStudio 7
    Crusader Kings II
    D3DX10
    DAEMON Tools Lite
    Dark Messiah Might and Magic Single Player
    Dear Esther
    Deus Ex: Human Revolution
    Deus Ex: Human Revolution - The Missing Link
    Diablo II
    Diablo III
    DivX Setup
    Dropbox
    EA SPORTS online 2008
    ESET NOD32 Antivirus
    Fallout: New Vegas
    Free Window Registry Repair
    GameSpy Comrade
    GCFScape 1.8.2
    GIMP 2.6.11
    GPL Ghostscript
    Hearts of Iron III
    Hitman 2: Silent Assassin
    Hitman: Blood Money
    Hitman: Codename 47
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Junk Mail filter update
    LIMBO
    LockHunter version 1.0 beta 3, 32 bit edition
    Madden NFL 08
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mamba Firmware Updater 1.13
    Mesh Runtime
    Messenger Companion
    Metro 2033
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Midnight Club II
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Graphics Driver 296.10
    NVIDIA Install Application
    NVIDIA Photoshop Plug-ins
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    OpenAL
    Orcs Must Die!
    Origin
    PaperPort Image Printer
    PAYDAY: The Heist
    PDF Settings CS5
    Picasa 3
    PunkBuster Services
    QuickTime
    Razer Mamba
    Realm of the Mad God
    Red Orchestra 2: Heroes of Stalingrad
    Rochard
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Premier
    Roxio Creator Tools
    Roxio EasyArchive
    Roxio MyDVD Premier
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.9
    Sonic CinePlayer Decoder Pack
    SoundFont Bank Manager
    Space Pirates and Zombies
    Spybot - Search & Destroy
    Steam
    StudioCompiler v0.4A
    Terraria
    The Binding of Isaac
    The Ship
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    uTorrentBar Toolbar
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 2.0.1
    VTFEdit 1.3.3
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows XP Mode
    WinRAR 4.01 (32-bit)
    Wolfenstein
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/17/2012 8:16:38 PM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
    7/17/2012 8:16:27 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/17/2012 8:16:27 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    7/17/2012 8:16:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/17/2012 8:16:27 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/17/2012 7:54:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    7/17/2012 7:54:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    7/17/2012 10:10:16 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/17/2012 10:10:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/16/2012 7:51:16 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{104E8F57-1D5A-4C18-9EED-220B195F270B} because another computer on the network has the same name. The server could not start.
    7/16/2012 7:51:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    7/16/2012 7:51:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
    7/15/2012 10:42:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/14/2012 10:13:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.
    7/13/2012 7:50:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  5. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
    Ran by SYSTEM at 18-07-2012 14:29:39
    Running from F:\
    Windows 7 Professional (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [3080264 2011-09-22] (ESET)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
    HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM\...\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe [3278728 2009-12-15] (Razer USA Ltd)
    HKLM\...\Run: [Razer Mamba Elite Driver] C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
    HKLM\...\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [67488 2007-09-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
    HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
    HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
    HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [345 2012-07-18] ()
    HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Tesher\...\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
    HKU\Tesher\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
    HKU\Tesher\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Startup: C:\Users\Tesher\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Tesher\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ================================ Services (Whitelisted) ==================

    2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
    3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
    3 Creative ALchemy AL6 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [79360 2012-01-04] (Creative Labs)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [974944 2011-09-22] (ESET)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    3 IDriverT; "C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-22] (Macrovision Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2010_32; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" [86016 2009-03-12] ()
    2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2012-07-12] ()
    2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
    2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)

    ========================== Drivers (Whitelisted) =============

    3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-05] (DT Soft Ltd)
    3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
    2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2011-08-04] (ESET)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
    3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
    3 catchme; \??\C:\Users\Tesher\AppData\Local\Temp\catchme.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-18 13:15 - 2012-07-18 13:15 - 00891630 ____A (Farbar) C:\Users\Tesher\Downloads\FRST.exe
    2012-07-17 21:10 - 2012-07-17 21:10 - 00607260 ____A (Swearware) C:\Users\Tesher\Downloads\dds(2).scr
    2012-07-17 21:04 - 2012-07-17 21:04 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds(1).scr
    2012-07-17 21:03 - 2012-07-17 21:03 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds.scr
    2012-07-17 21:01 - 2012-07-17 21:01 - 00000000 ____A C:\Users\Tesher\Desktop\gmer.log
    2012-07-17 20:08 - 2012-07-17 20:08 - 00302592 ____A C:\Users\Tesher\Desktop\5lv8tr12.exe
    2012-07-17 19:55 - 2012-07-18 06:53 - 00002125 ____A C:\Windows\WindowsUpdate.log
    2012-07-17 19:40 - 2012-07-17 19:46 - 00371734 ____A C:\MGlogs.zip
    2012-07-17 19:40 - 2012-07-17 19:46 - 00000000 ____D C:\MGtools
    2012-07-17 19:39 - 2012-07-17 19:39 - 00001150 ____A C:\Users\Tesher\Desktop\hitmanpro.zip
    2012-07-17 19:38 - 2012-07-17 19:38 - 00004836 ____A C:\Users\Tesher\Desktop\log.xml
    2012-07-17 19:23 - 2012-07-17 19:23 - 00000000 ____D C:\Program Files\HitmanPro
    2012-07-17 19:22 - 2012-07-17 19:24 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-07-17 19:16 - 2012-07-18 06:52 - 00000112 ____A C:\Windows\setupact.log
    2012-07-17 19:16 - 2012-07-17 19:16 - 00000626 ____A C:\Windows\PFRO.log
    2012-07-17 19:16 - 2012-07-17 19:16 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-17 18:44 - 2012-07-17 18:44 - 00003446 ____A C:\Users\Tesher\Desktop\RKreport[2].txt
    2012-07-17 18:44 - 2012-07-17 18:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-17 18:44 - 2012-07-17 18:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-07-17 18:44 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-17 18:39 - 2012-07-17 18:39 - 00002911 ____A C:\Users\Tesher\Desktop\RKreport[1].txt
    2012-07-17 18:37 - 2012-07-17 18:43 - 00000000 ____D C:\Users\Tesher\Desktop\RK_Quarantine
    2012-07-17 18:36 - 2012-07-17 18:36 - 01669749 ____A C:\MGtools.exe
    2012-07-17 18:35 - 2012-07-17 18:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Tesher\Desktop\mb.exe.exe
    2012-07-17 18:35 - 2012-07-17 18:35 - 07718272 ____A (SurfRight B.V.) C:\Users\Tesher\Desktop\HitmanPro36.exe
    2012-07-17 18:34 - 2012-07-17 18:34 - 01552384 ____A C:\Users\Tesher\Desktop\RogueKiller.exe
    2012-07-17 18:19 - 2012-07-17 18:19 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-17 18:18 - 2012-07-17 18:19 - 00000000 ____D C:\Program Files\CCleaner
    2012-07-17 18:18 - 2012-07-17 18:18 - 02954752 ____A (Piriform Ltd) C:\Users\Tesher\Downloads\ccsetup320_slim.exe
    2012-07-17 12:19 - 2012-07-17 12:19 - 00000000 ____D C:\Users\Tesher\AppData\Local\{72D2E207-9BEC-4B3D-B094-C2AE0146AF34}
    2012-07-17 12:19 - 2012-07-17 12:19 - 00000000 ____D C:\Users\Tesher\AppData\Local\{49B642CB-F60D-4CD2-BBC9-16F85457F4CD}
    2012-07-17 11:27 - 2012-07-17 11:27 - 00000000 __SHD C:\Users\All Users\SecuROM
    2012-07-17 11:27 - 2012-07-17 11:27 - 00000000 ____D C:\Users\Tesher\AppData\Local\Rockstar Games
    2012-07-17 11:25 - 2012-07-17 11:26 - 00000000 ____D C:\Program Files\Microsoft Games for Windows - LIVE
    2012-07-17 11:25 - 2012-07-17 11:25 - 00000000 ____D C:\Windows\System32\xlive
    2012-07-16 22:49 - 2012-07-16 22:49 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9033BBDE-B18F-41C4-8BDE-694505B8FB38}
    2012-07-16 22:48 - 2012-07-16 22:49 - 00000000 ____D C:\Users\Tesher\AppData\Local\{22BB550A-55E1-4EBA-BADE-9E5981F84D73}
    2012-07-15 17:30 - 2012-07-15 17:31 - 00000000 ____D C:\Users\Tesher\Documents\Orcs Must Die
    2012-07-15 10:39 - 2012-07-15 10:39 - 00000000 ____D C:\Users\Tesher\AppData\Local\{3A780B87-8E6E-4AC2-849F-C82305287C22}
    2012-07-15 10:39 - 2012-07-15 10:39 - 00000000 ____D C:\Users\Tesher\AppData\Local\{1079D21D-1954-405C-803F-A70A345F4B3D}
    2012-07-13 20:42 - 2012-07-13 20:42 - 00000000 ____D C:\Users\Tesher\AppData\Local\{B85AED15-6FBC-4235-A14B-60C0C54E23DD}
    2012-07-13 20:42 - 2012-07-13 20:42 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8AAEED72-CA2E-4D4A-9AE9-9306A2F096A8}
    2012-07-12 17:29 - 2012-07-12 17:29 - 00000000 ____D C:\Program Files\GameSpy
    2012-07-12 00:19 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-12 00:19 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-12 00:19 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-12 00:19 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-12 00:19 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-12 00:19 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-12 00:19 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-12 00:19 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-12 00:19 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-12 00:19 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-12 00:19 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-12 00:19 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-12 00:19 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-12 00:19 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-12 00:16 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-12 00:15 - 2012-07-12 00:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-11 12:26 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 12:26 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 12:26 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 12:26 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 12:26 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 12:26 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 12:26 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 12:26 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 12:26 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 12:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 22:54 - 2012-07-10 22:54 - 02400256 ____A C:\Users\Tesher\Desktop\_ch_01_PPT_lecture.ppt
    2012-07-09 12:55 - 2012-07-09 12:55 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D59D90FF-873B-4075-8069-91B1935D39E4}
    2012-07-09 12:55 - 2012-07-09 12:55 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9738F34F-1C48-4340-918E-C63B58902A03}
    2012-07-08 19:44 - 2012-07-08 19:44 - 00000000 ____D C:\Users\Tesher\AppData\Local\Activision
    2012-07-08 14:04 - 2012-07-08 14:04 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-08 14:03 - 2012-07-08 14:04 - 00000000 ____D C:\Program Files\iTunes
    2012-07-08 14:03 - 2012-07-08 14:03 - 00000000 ____D C:\Program Files\iPod
    2012-07-08 13:58 - 2012-07-08 13:58 - 00000000 ____D C:\Program Files\QuickTime
    2012-07-08 13:57 - 2012-07-08 13:57 - 00000000 ____D C:\Users\Tesher\AppData\Local\{FBA42229-6A42-4A90-9E62-B342EA0FB138}
    2012-07-08 13:56 - 2012-07-08 13:57 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D42AAD77-78C1-4EC1-8E80-21F4AF20E381}
    2012-06-28 02:27 - 2012-06-28 02:27 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D5BA5CB4-29A6-453C-A457-BF3EFD79303B}
    2012-06-28 02:27 - 2012-06-28 02:27 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9BC45243-858C-441B-B556-1F4563B7FB16}
    2012-06-24 13:56 - 2012-06-24 13:56 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8E1490DC-CD15-488D-954E-2D497903F468}
    2012-06-24 13:56 - 2012-06-24 13:56 - 00000000 ____D C:\Users\Tesher\AppData\Local\{784E8ADC-5645-4A16-AB92-3193204DA728}
    2012-06-23 09:26 - 2012-06-23 09:26 - 00000000 ____D C:\Users\Tesher\AppData\Local\Macromedia
    2012-06-23 00:11 - 2012-06-27 18:52 - 00000000 ____D C:\Users\Tesher\AppData\Local\dxhr
    2012-06-23 00:07 - 2012-06-23 00:07 - 00000000 ____D C:\Users\Tesher\AppData\Local\28050
    2012-06-22 16:33 - 2012-06-22 16:33 - 00000000 ____D C:\Users\Tesher\AppData\Local\{DC301882-CEDD-49FB-A379-F7AED0FA8974}
    2012-06-22 16:33 - 2012-06-22 16:33 - 00000000 ____D C:\Users\Tesher\AppData\Local\{A93143B5-420C-499E-ACB8-85BCCCD2EE09}
    2012-06-21 22:03 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 22:03 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 22:03 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 22:03 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 22:02 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 22:02 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 22:02 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 22:02 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 22:02 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 07:06 - 2012-06-21 07:06 - 00000000 ____D C:\Users\Tesher\AppData\Local\{EE11E6FB-C59C-49B1-B262-5524AB9E6971}
    2012-06-21 07:06 - 2012-06-21 07:06 - 00000000 ____D C:\Users\Tesher\AppData\Local\{1D3E46EE-4814-4D26-AB34-DC98C41A4F1B}
    2012-06-20 20:46 - 2012-06-20 20:46 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8D0FD221-B720-4F34-8B86-D0C088A9D94A}
    2012-06-20 12:20 - 2012-06-20 12:20 - 00000000 ____D C:\Users\Tesher\AppData\Local\{EA9F6293-5A66-49CC-A977-6121B69989B5}
    2012-06-20 12:20 - 2012-06-20 12:20 - 00000000 ____D C:\Users\Tesher\AppData\Local\{8C0365DE-1A50-4908-8097-0158F137447B}
    2012-06-19 13:15 - 2012-06-19 13:15 - 00000000 ____D C:\Users\Tesher\AppData\Local\{4260D7C6-863B-4B6B-A895-E1FDC48AE6A0}
    2012-06-19 13:15 - 2012-06-19 13:15 - 00000000 ____D C:\Users\Tesher\AppData\Local\{24C4B6F1-E952-4FF8-8191-F6AEA52B2646}
    2012-06-19 01:14 - 2012-06-19 01:15 - 00000000 ____D C:\Users\Tesher\AppData\Local\{9D7984BE-FEE6-40D2-9B49-38C47CF625AF}
    2012-06-19 01:14 - 2012-06-19 01:14 - 00000000 ____D C:\Users\Tesher\AppData\Local\{5E6AFF71-76F7-413A-88C7-6DBC9FAB7333}
    2012-06-18 13:14 - 2012-06-18 13:14 - 00000000 ____D C:\Users\Tesher\AppData\Local\{D01CBB46-372C-49DA-AD6E-686F7F118808}


    ============ 3 Months Modified Files ========================

    2012-07-18 13:19 - 2011-12-18 15:39 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-18 13:15 - 2012-07-18 13:15 - 00891630 ____A (Farbar) C:\Users\Tesher\Downloads\FRST.exe
    2012-07-18 12:59 - 2012-03-30 09:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-18 06:59 - 2009-07-13 20:34 - 00017792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 06:59 - 2009-07-13 20:34 - 00017792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 06:53 - 2012-07-17 19:55 - 00002125 ____A C:\Windows\WindowsUpdate.log
    2012-07-18 06:52 - 2012-07-17 19:16 - 00000112 ____A C:\Windows\setupact.log
    2012-07-18 06:52 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-17 21:10 - 2012-07-17 21:10 - 00607260 ____A (Swearware) C:\Users\Tesher\Downloads\dds(2).scr
    2012-07-17 21:04 - 2012-07-17 21:04 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds(1).scr
    2012-07-17 21:03 - 2012-07-17 21:03 - 00607260 ____R (Swearware) C:\Users\Tesher\Downloads\dds.scr
    2012-07-17 21:01 - 2012-07-17 21:01 - 00000000 ____A C:\Users\Tesher\Desktop\gmer.log
    2012-07-17 20:08 - 2012-07-17 20:08 - 00302592 ____A C:\Users\Tesher\Desktop\5lv8tr12.exe
    2012-07-17 19:46 - 2012-07-17 19:40 - 00371734 ____A C:\MGlogs.zip
    2012-07-17 19:39 - 2012-07-17 19:39 - 00001150 ____A C:\Users\Tesher\Desktop\hitmanpro.zip
    2012-07-17 19:38 - 2012-07-17 19:38 - 00004836 ____A C:\Users\Tesher\Desktop\log.xml
    2012-07-17 19:16 - 2012-07-17 19:16 - 00000626 ____A C:\Windows\PFRO.log
    2012-07-17 19:16 - 2012-07-17 19:16 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-17 18:44 - 2012-07-17 18:44 - 00003446 ____A C:\Users\Tesher\Desktop\RKreport[2].txt
    2012-07-17 18:44 - 2012-07-17 18:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-17 18:39 - 2012-07-17 18:39 - 00002911 ____A C:\Users\Tesher\Desktop\RKreport[1].txt
    2012-07-17 18:36 - 2012-07-17 18:36 - 01669749 ____A C:\MGtools.exe
    2012-07-17 18:35 - 2012-07-17 18:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Tesher\Desktop\mb.exe.exe
    2012-07-17 18:35 - 2012-07-17 18:35 - 07718272 ____A (SurfRight B.V.) C:\Users\Tesher\Desktop\HitmanPro36.exe
    2012-07-17 18:34 - 2012-07-17 18:34 - 01552384 ____A C:\Users\Tesher\Desktop\RogueKiller.exe
    2012-07-17 18:19 - 2012-07-17 18:19 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-17 18:18 - 2012-07-17 18:18 - 02954752 ____A (Piriform Ltd) C:\Users\Tesher\Downloads\ccsetup320_slim.exe
    2012-07-17 11:26 - 2012-01-06 16:38 - 00107888 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll
    2012-07-12 19:50 - 2012-02-18 12:48 - 00139152 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
    2012-07-12 19:50 - 2012-02-18 12:48 - 00139152 ____A C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys
    2012-07-12 19:49 - 2012-02-18 12:48 - 00794408 ____A C:\Windows\System32\pbsvc.exe
    2012-07-12 19:49 - 2012-02-18 12:48 - 00111928 ____A C:\Windows\System32\PnkBstrB.exe
    2012-07-12 19:49 - 2012-02-18 12:48 - 00075064 ____A C:\Windows\System32\PnkBstrA.exe
    2012-07-12 18:05 - 2012-02-18 12:48 - 00111928 ____A C:\Windows\System32\PnkBstrB.ex0
    2012-07-12 07:17 - 2009-07-13 20:33 - 03903960 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-12 00:17 - 2011-12-25 19:05 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 15:59 - 2012-03-30 09:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-11 15:59 - 2011-12-24 17:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-10 22:54 - 2012-07-10 22:54 - 02400256 ____A C:\Users\Tesher\Desktop\_ch_01_PPT_lecture.ppt
    2012-07-08 14:04 - 2012-07-08 14:04 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-03 12:46 - 2012-07-17 18:44 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-15 17:07 - 2012-06-15 17:07 - 00108375 ____A C:\Users\Tesher\Downloads\smdexp204-max2010.rar
    2012-06-13 06:54 - 2009-07-13 20:53 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-11 19:28 - 2012-06-11 19:28 - 00243152 ____A C:\Users\Tesher\Downloads\Project_X__2012__DVDRip_XviD__AMIABLE.exe
    2012-06-11 18:40 - 2012-07-12 00:16 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 20:41 - 2012-07-11 12:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-05 21:05 - 2012-07-11 12:26 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 12:26 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 12:26 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-04 06:55 - 2012-01-22 22:33 - 00000982 ____A C:\Users\Tesher\Desktop\Dropbox.lnk
    2012-06-02 14:19 - 2012-06-21 22:03 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 22:03 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 22:03 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 22:02 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 22:02 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-21 22:02 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-21 22:03 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-21 22:02 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-21 22:02 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 01:07 - 2012-07-12 00:19 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 00:43 - 2012-07-12 00:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 00:33 - 2012-07-12 00:19 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 00:26 - 2012-07-12 00:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 00:25 - 2012-07-12 00:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-12 00:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 00:23 - 2012-07-12 00:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 00:21 - 2012-07-12 00:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 00:20 - 2012-07-12 00:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-12 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 00:19 - 2012-07-12 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 00:17 - 2012-07-12 00:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 00:16 - 2012-07-12 00:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 00:14 - 2012-07-12 00:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-01 20:45 - 2012-07-11 12:26 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 20:45 - 2012-07-11 12:26 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 20:40 - 2012-07-11 12:26 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 20:40 - 2012-07-11 12:26 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:39 - 2012-07-11 12:26 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-05-31 11:25 - 2011-12-18 15:49 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 19:08 - 2012-05-29 19:07 - 00314898 ____A C:\Users\Tesher\Desktop\Copy of Project 1 Database-1 tesh.xlsx
    2012-05-26 23:37 - 2012-05-25 21:47 - 00281032 ____A C:\Windows\System32\PnkBstrB.xtr
    2012-05-25 11:28 - 2012-05-25 11:28 - 05435543 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\LODPatch_113c.exe
    2012-05-25 11:28 - 2012-05-25 11:28 - 00000165 ____A C:\Users\Tesher\Downloads\prepatch.log
    2012-05-25 11:26 - 2012-05-25 11:25 - 00000724 ____A C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
    2012-05-25 11:18 - 2012-05-25 11:18 - 02678867 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
    2012-05-25 10:48 - 2012-05-25 10:48 - 02764854 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Downloader_Diablo2_enUS.exe
    2012-05-14 15:53 - 2012-05-14 15:53 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-05-14 15:51 - 2012-05-14 15:48 - 123137160 ____A (NVIDIA Corporation) C:\Users\Tesher\Downloads\296.10-desktop-win7-winvista-32bit-english-whql.exe
    2012-05-14 15:46 - 2012-01-05 22:40 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-05-14 15:46 - 2012-01-05 22:40 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-05-14 15:45 - 2012-05-14 15:44 - 00892360 ____A (Oracle Corporation) C:\Users\Tesher\Downloads\jxpiinstall(1).exe
    2012-05-14 07:37 - 2012-05-14 07:37 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-14 07:36 - 2012-05-14 07:36 - 32288896 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-08 20:59 - 2012-05-08 20:59 - 00001024 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-05-08 20:59 - 2012-05-08 20:58 - 22259528 ____A C:\Users\Tesher\Downloads\vlc-2.0.1-win32.exe
    2012-05-06 13:28 - 2012-05-06 13:28 - 00001368 ____A C:\Users\Public\Desktop\Able2Extract Professional.lnk
    2012-05-06 13:28 - 2012-05-06 13:27 - 20679288 ____A (Investintech.com Inc. ) C:\Users\Tesher\Downloads\InstallAble2ExtractPro.exe
    2012-04-30 20:44 - 2012-06-13 14:07 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 13:59 - 2012-04-28 13:59 - 01263344 ____A (ESET) C:\Users\Tesher\Downloads\eset_nod32_antivirus_live_installer(2).exe
    2012-04-27 19:17 - 2012-06-13 14:07 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 20:45 - 2012-06-13 14:07 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 20:45 - 2012-06-13 14:07 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 20:41 - 2012-06-13 14:07 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 20:36 - 2012-06-13 14:07 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 14:07 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 14:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 08:07 - 2012-01-04 10:57 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-04-21 11:47 - 2012-04-21 11:45 - 46104904 ____A (Blizzard Entertainment) C:\Users\Tesher\Downloads\Diablo-III-Beta-enUS-Setup.exe


    ZeroAccess:
    C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097}
    C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 17%
    Total physical RAM: 4029.93 MB
    Available physical RAM: 3312.09 MB
    Total Pagefile: 4028.2 MB
    Available Pagefile: 3319.41 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:1397.25 GB) (Free:477.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    4 Drive f: ("ë&¿ë`) (Removable) (Total:3.73 GB) (Free:0.77 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 8 MB
    Disk 1 Online 3819 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 31 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F "‰&¨‰` FAT32 Removable 3818 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 08:03

    ======================= End Of Log ==========================
     
  6. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

  7. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    I have closed the thread on the Major geeks forum so I would like to continue getting help with the virus on the forum.
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  9. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    Farbar Recovery Scan Tool Version: 16-07-2012 01
    Ran by SYSTEM at 2012-07-19 08:41:52
    Running from J:\

    ================== Search: "services.exe" ===================

    C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows.old\Windows\System32\services.exe
    [2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    C:\Windows\ERDNT\cache\services.exe
    [2012-02-05 14:53] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    === End Of Search ===
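Reading the Search.txt above programmatically, as an added example that is not part of the original thread and not FRST's own code: it parses the path/metadata line pairs and compares each copy's MD5 with the WinSxS copy under the same Windows root. The function names are hypothetical, and treating the WinSxS copy as the reference is an assumption of this example.

```python
import re
from collections import defaultdict

# Sample input: the Search.txt entries posted above, copied verbatim.
SEARCH_TXT = r"""
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows.old\Windows\System32\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2012-02-05 14:53] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
"""

# Metadata line: [first date] - [second date] - size attrs (company) MD5
META = re.compile(
    r"^\[(?P<d1>[^\]]+)\] - \[(?P<d2>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")
WINSXS = re.compile(r"^(?P<root>.+?)\\winsxs\\", re.IGNORECASE)


def parse_search_log(text):
    """Return one dict per file: a path line followed by its metadata line."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = META.match(line)
        if m and pending:
            entries.append({
                "path": pending, "d1": m["d1"], "d2": m["d2"],
                "size": int(m["size"]), "company": m["company"],
                "md5": m["md5"].upper(),
            })
            pending = None
        elif PATH.match(line):
            pending = line
    return entries


def classify(entries):
    """Compare every non-WinSxS copy with the WinSxS hashes of its own root."""
    refs = defaultdict(set)  # lower-cased Windows root -> reference MD5s
    for e in entries:
        m = WINSXS.match(e["path"])
        if m:
            refs[m["root"].lower()].add(e["md5"])
    verdicts = {}
    for e in entries:
        if WINSXS.match(e["path"]):
            continue
        low = e["path"].lower()
        # The trailing backslash keeps C:\Windows.old from matching C:\Windows.
        roots = [r for r in refs if low.startswith(r + "\\")]
        if not roots:
            verdicts[e["path"]] = "no-reference"
        else:
            root = max(roots, key=len)
            verdicts[e["path"]] = "match" if e["md5"] in refs[root] else "MISMATCH"
    return verdicts


def same_metadata_different_hash(entries):
    """Groups of files whose dates and size agree but whose MD5s do not."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["d1"], e["d2"], e["size"])].append(e)
    return [sorted(e["path"] for e in g) for g in groups.values()
            if len({e["md5"] for e in g}) > 1]


if __name__ == "__main__":
    parsed = parse_search_log(SEARCH_TXT)
    for path, verdict in classify(parsed).items():
        print(f"{verdict:12} {path}")
    for paths in same_metadata_different_hash(parsed):
        print("identical dates and size, different MD5:", *paths, sep="\n  ")
```

On this log the System32 copy is the only mismatch, and its dates, size and company string are identical to the WinSxS copy, so only the hash separates the two.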
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST Fixlist

    Please run the following:

    Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went. If you can run Windows just fine, then please do the following scan:


    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %USERPROFILE%\AppData\Local\ /s
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  11. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    Windows runs fine and I have yet to get the virus popup but my Antivirus still says "An error occurred while starting services. Analysis of application protocols (POP3, HTTP) will not function."

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
    Ran by SYSTEM at 2012-07-20 12:58:11 Run:1
    Running from J:\

    ==============================================

    C:\Windows\Installer\{c3767afb-4d01-9ed6-b38f-ffc8c8f1c097} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  12. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    IMPORTANT: My antivirus just popped up saying that there is still a threat found, so it isn't fixed yet.
    Object: C:\FRST\Quarantine\services.exe
    Thread: Win32/Sirefef.FC.trojan
    Event occurred during an attempt to access the file by the application C:\Users\Tesher\Download\OTL.exe

    I will have the OTL scan up in a bit as it is still running on my Desktop.
     
  13. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    OTL logfile created on: 7/20/2012 1:08:32 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tesher\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.30% Memory free
    6.49 Gb Paging File | 5.44 Gb Available in Paging File | 83.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397.25 Gb Total Space | 474.97 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
    Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

    Computer Name: TESHER-PC | User Name: Tesher | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/20 13:07:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tesher\Downloads\OTL.exe
    PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tesher\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/29 13:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/02/29 13:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/25 15:03:24 | 000,973,720 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
    PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2011/09/22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
    PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
    PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Mamba\RazerTray.exe
    PRC - [2009/07/13 18:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
    PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/09/11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
    MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\System32\OSD.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/07/19 08:03:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/11 16:59:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/18 22:02:42 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/01/06 00:24:51 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/01/04 19:55:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2012/01/04 16:58:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/18 16:58:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
    SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tesher\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/02/29 16:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/01/05 21:20:34 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/08/09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2011/08/04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/05/05 22:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2010/05/05 22:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
    DRV - [2010/05/05 22:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2010/05/05 22:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2010/05/05 22:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2010/05/05 22:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2010/05/05 22:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2010/05/05 22:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV - [2010/05/05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV - [2010/05/05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV - [2010/05/05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
    DRV - [2009/05/25 05:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 43 AE 23 E5 63 CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: J:\Program Files\Google\Picasa3\npPicasa3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/05 22:12:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:03:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/08 14:58:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/04 11:32:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:03:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/08 14:58:58 | 000,000,000 | ---D | M]

    [2011/12/24 16:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Extensions
    [2012/07/18 13:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions
    [2012/07/17 18:25:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2012/07/18 13:15:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/04/30 16:50:42 | 000,000,925 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\searchplugins\conduit.xml
    [2012/02/01 21:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/23 09:07:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/05 22:12:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/03/30 10:42:33 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\TESHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MP7CYS1.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
    [2012/01/06 11:31:51 | 000,013,039 | ---- | M] () (No name found) -- C:\USERS\TESHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MP7CYS1.DEFAULT\EXTENSIONS\SAVESESSION@NOASOBI.NET.XPI
    [2012/07/19 08:03:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/01/05 23:40:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/08 08:34:01 | 000,442,086 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15215 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [Razer Mamba Elite Driver] C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Tesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tesher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{104E8F57-1D5A-4C18-9EED-220B195F270B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78AAEFE7-C15C-42F4-8035-1513D0CB0B92}: DhcpNameServer = 172.27.35.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8777B4-9E4D-448D-B59D-14A87D965EDD}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: hitmanpro36 - Reg Error: Value error.
    SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
    ActiveX: {23C4E54D-2037-407D-3B40-56F994A46723} - Internet Explorer
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A77871AA-02BD-4054-85CC-2DAC0E3307B3} - Browser Customizations
    ActiveX: {B06FB1C4-A2E0-6182-6B1D-15EF7959308A} - Microsoft Windows Media Player 12.0
    ActiveX: {BBCBD300-C2C8-9977-2D4B-EB96E65189A9} - DirectX
    ActiveX: {C5286645-E286-CCB3-8A38-B8CED317A07A} - Adobe Shockwave Director 10.2
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Sharedaccess - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found
    NetSvcs: BITS - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/18 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\Tesher\Documents\4A Games
    [2012/07/18 22:28:59 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\4A Games
    [2012/07/18 20:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2012/07/18 15:27:11 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/18 15:11:04 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{CE912EBF-5699-481B-A7C8-33AC3B2EE00B}
    [2012/07/18 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{DF53996F-4324-4BE5-9F60-A02A21767EF7}
    [2012/07/17 20:40:23 | 000,000,000 | ---D | C] -- C:\MGtools
    [2012/07/17 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/07/17 20:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/07/17 19:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/17 19:44:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/17 19:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/17 19:37:17 | 000,000,000 | ---D | C] -- C:\Users\Tesher\Desktop\RK_Quarantine
    [2012/07/17 19:35:24 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\Tesher\Desktop\HitmanPro36.exe
    [2012/07/17 19:35:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tesher\Desktop\mb.exe.exe
    [2012/07/17 19:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/07/17 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/07/17 13:19:41 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{72D2E207-9BEC-4B3D-B094-C2AE0146AF34}
    [2012/07/17 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{49B642CB-F60D-4CD2-BBC9-16F85457F4CD}
    [2012/07/17 12:27:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2012/07/17 12:27:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
    [2012/07/17 12:27:12 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\Rockstar Games
    [2012/07/17 12:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
    [2012/07/17 12:25:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
    [2012/07/17 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2012/07/16 23:49:05 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{9033BBDE-B18F-41C4-8BDE-694505B8FB38}
    [2012/07/16 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{22BB550A-55E1-4EBA-BADE-9E5981F84D73}
    [2012/07/15 18:30:12 | 000,000,000 | ---D | C] -- C:\Users\Tesher\Documents\Orcs Must Die
    [2012/07/15 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{1079D21D-1954-405C-803F-A70A345F4B3D}
    [2012/07/15 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{3A780B87-8E6E-4AC2-849F-C82305287C22}
    [2012/07/13 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8AAEED72-CA2E-4D4A-9AE9-9306A2F096A8}
    [2012/07/13 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{B85AED15-6FBC-4235-A14B-60C0C54E23DD}
    [2012/07/12 18:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
    [2012/07/12 18:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy
    [2012/07/12 01:19:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/07/12 01:19:07 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/07/12 01:19:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/07/12 01:19:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/07/12 01:19:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/07/12 01:19:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/07/12 01:19:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/07/12 01:16:38 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/12 01:15:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/07/11 13:26:08 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012/07/11 13:26:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2012/07/11 13:26:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
    [2012/07/09 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{9738F34F-1C48-4340-918E-C63B58902A03}
    [2012/07/09 13:55:34 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{D59D90FF-873B-4075-8069-91B1935D39E4}
    [2012/07/08 20:44:03 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\Activision
    [2012/07/08 15:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/07/08 15:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/07/08 15:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/08 14:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/07/08 14:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/07/08 14:57:11 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{FBA42229-6A42-4A90-9E62-B342EA0FB138}
    [2012/07/08 14:56:57 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{D42AAD77-78C1-4EC1-8E80-21F4AF20E381}
    [2012/06/28 03:27:55 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{9BC45243-858C-441B-B556-1F4563B7FB16}
    [2012/06/28 03:27:45 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{D5BA5CB4-29A6-453C-A457-BF3EFD79303B}
    [2012/06/24 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{784E8ADC-5645-4A16-AB92-3193204DA728}
    [2012/06/24 14:56:31 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8E1490DC-CD15-488D-954E-2D497903F468}
    [2012/06/23 10:26:55 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\Macromedia
    [2012/06/23 01:11:34 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\dxhr
    [2012/06/23 01:07:13 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\28050
    [2012/06/22 17:33:42 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{A93143B5-420C-499E-ACB8-85BCCCD2EE09}
    [2012/06/22 17:33:31 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{DC301882-CEDD-49FB-A379-F7AED0FA8974}
    [2012/06/21 23:03:04 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/21 23:03:04 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/21 23:02:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012/06/21 23:02:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012/06/21 23:02:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012/06/21 23:02:23 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/21 23:02:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012/06/21 08:06:42 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{1D3E46EE-4814-4D26-AB34-DC98C41A4F1B}
    [2012/06/21 08:06:31 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{EE11E6FB-C59C-49B1-B262-5524AB9E6971}
    [2012/06/20 21:46:49 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8D0FD221-B720-4F34-8B86-D0C088A9D94A}
    [2012/06/20 13:20:20 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{8C0365DE-1A50-4908-8097-0158F137447B}
    [2012/06/20 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Tesher\AppData\Local\{EA9F6293-5A66-49CC-A977-6121B69989B5}
    [2012/01/05 22:47:36 | 001,474,560 | R--- | C] (Apache Software Foundation) -- C:\Program Files\xerces-c_1_6_0.dll
    [2012/01/05 22:47:36 | 001,447,176 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\ProjectPointClient.dll
    [2012/01/05 22:47:36 | 001,048,576 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\PatchMgr.dll
    [2012/01/05 22:47:36 | 000,674,664 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\SetupUi.dll
    [2012/01/05 22:47:36 | 000,672,616 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\SetupAcadUi.dll
    [2012/01/05 22:47:36 | 000,664,424 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\SetupRes.dll
    [2012/01/05 22:47:36 | 000,655,872 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
    [2012/01/05 22:47:36 | 000,378,128 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\UPI32.dll
    [2012/01/05 22:47:36 | 000,006,656 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\PatchMgrRes.dll
    [2012/01/05 22:47:35 | 000,568,832 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
    [2012/01/05 22:47:35 | 000,224,768 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
    [2012/01/05 22:47:34 | 001,645,320 | R--- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
    [2012/01/05 22:47:34 | 001,245,032 | R--- | C] (Autodesk) -- C:\Program Files\adlmPIT.dll
    [2012/01/05 22:47:34 | 000,550,248 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\DeployUi.dll
    [2012/01/05 22:47:34 | 000,182,632 | R--- | C] (Autodesk) -- C:\Program Files\adlmutil.dll
    [2012/01/05 22:47:34 | 000,106,344 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\LiteHtml.dll
    [2012/01/05 22:47:34 | 000,087,704 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\AcSetup.dll
    [2012/01/05 22:47:34 | 000,006,808 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\AcSetupRes.dll
    [2012/01/05 22:47:25 | 000,161,640 | R--- | C] (Autodesk, Inc.) -- C:\Program Files\AcDelTree.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/20 13:07:13 | 000,017,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     
  14. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    [2012/07/20 13:07:13 | 000,017,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/20 12:59:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/20 12:59:43 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/20 12:52:34 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2012/07/20 12:52:34 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2012/07/20 12:52:34 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
    [2012/07/20 11:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/18 14:19:57 | 000,625,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/18 14:19:57 | 000,106,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/17 21:08:27 | 000,302,592 | ---- | M] () -- C:\Users\Tesher\Desktop\5lv8tr12.exe
    [2012/07/17 20:46:13 | 000,371,734 | ---- | M] () -- C:\MGlogs.zip
    [2012/07/17 20:39:22 | 000,001,150 | ---- | M] () -- C:\Users\Tesher\Desktop\hitmanpro.zip
    [2012/07/17 20:38:49 | 000,004,836 | ---- | M] () -- C:\Users\Tesher\Desktop\log.xml
    [2012/07/17 19:44:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 19:36:11 | 001,669,749 | ---- | M] () -- C:\MGtools.exe
    [2012/07/17 19:35:45 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\Tesher\Desktop\HitmanPro36.exe
    [2012/07/17 19:35:34 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tesher\Desktop\mb.exe.exe
    [2012/07/17 19:34:17 | 001,552,384 | ---- | M] () -- C:\Users\Tesher\Desktop\RogueKiller.exe
    [2012/07/17 19:19:04 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/17 12:26:48 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
    [2012/07/16 19:17:34 | 000,044,186 | ---- | M] () -- C:\Users\Tesher\Desktop\$T2eC16dHJGoE9nuQg1-kBP-drYp6S!~~60_12.JPG
    [2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys
    [2012/07/12 20:49:50 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
    [2012/07/12 19:05:54 | 000,111,928 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2012/07/12 18:29:57 | 000,001,965 | ---- | M] () -- C:\Users\Tesher\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Comrade.lnk
    [2012/07/12 08:17:33 | 003,903,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/11 16:59:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/07/11 16:59:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/07/08 15:04:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/17 21:08:24 | 000,302,592 | ---- | C] () -- C:\Users\Tesher\Desktop\5lv8tr12.exe
    [2012/07/17 20:40:27 | 000,371,734 | ---- | C] () -- C:\MGlogs.zip
    [2012/07/17 20:39:22 | 000,001,150 | ---- | C] () -- C:\Users\Tesher\Desktop\hitmanpro.zip
    [2012/07/17 20:38:49 | 000,004,836 | ---- | C] () -- C:\Users\Tesher\Desktop\log.xml
    [2012/07/17 19:44:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 19:36:10 | 001,669,749 | ---- | C] () -- C:\MGtools.exe
    [2012/07/17 19:34:15 | 001,552,384 | ---- | C] () -- C:\Users\Tesher\Desktop\RogueKiller.exe
    [2012/07/17 19:19:04 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/16 19:17:15 | 000,044,186 | ---- | C] () -- C:\Users\Tesher\Desktop\$T2eC16dHJGoE9nuQg1-kBP-drYp6S!~~60_12.JPG
    [2012/07/12 18:29:57 | 000,001,965 | ---- | C] () -- C:\Users\Tesher\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Comrade.lnk
    [2012/07/08 15:04:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/18 13:48:28 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/02/18 13:48:27 | 000,139,152 | ---- | C] () -- C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys
    [2012/02/18 13:48:03 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2012/02/18 13:48:02 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2012/02/18 13:48:01 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2012/02/05 15:37:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/05 15:37:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/05 15:37:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/05 15:37:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/05 15:37:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/05 15:22:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
    [2012/02/05 15:22:38 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
    [2012/02/05 15:22:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
    [2012/02/05 15:22:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
    [2012/01/27 15:59:21 | 000,000,132 | ---- | C] () -- C:\Users\Tesher\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2012/01/24 20:50:18 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
    [2012/01/14 21:56:38 | 000,000,132 | ---- | C] () -- C:\Users\Tesher\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/01/10 12:13:43 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2012/01/10 12:13:38 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2012/01/10 12:12:30 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/01/10 12:11:20 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10B.DAT
    [2012/01/10 12:10:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2012/01/10 12:10:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2012/01/10 12:07:14 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2012/01/07 16:38:14 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/01/06 16:25:07 | 000,002,091 | ---- | C] () -- C:\Users\Tesher\.recently-used.xbel
    [2012/01/06 11:40:46 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2012/01/05 22:47:56 | 000,018,852 | R--- | C] () -- C:\Program Files\ProjectPointClient.tlb
    [2012/01/05 22:47:55 | 000,000,856 | ---- | C] () -- C:\Program Files\3dsMaxConfig.pit
    [2012/01/05 22:47:36 | 000,061,952 | R--- | C] () -- C:\Program Files\PPZlib123.dll
    [2012/01/05 22:47:24 | 000,010,043 | ---- | C] () -- C:\Program Files\setup.ini
    [2012/01/04 16:44:22 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2012/01/04 16:44:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 08:03:34 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 08:03:35 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/05 21:26:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/06/01 21:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
    [2012/06/01 21:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
    [2012/06/01 21:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
    [2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Windows\system32\drivers\PnkBstrK.sys
    [2012/04/27 20:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=520A6D1CBCC9CF642C625FE814C93C58 -- C:\install.exe
    [2012/07/17 19:36:11 | 001,669,749 | ---- | M] () MD5=F888E9C8C610011E91F6F0BD12E847AA -- C:\MGtools.exe

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %USERPROFILE%\AppData\Local\ /s >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2012/01/08 17:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2012/01/08 17:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
    [2012/01/04 12:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2012/01/06 00:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
    [2012/01/04 12:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2012/01/10 12:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
    [2012/01/10 12:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Browny02
    [2012/07/17 19:19:05 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2012/05/14 16:48:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2012/01/05 21:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
    [2012/01/04 20:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
    [2012/01/04 19:53:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
    [2012/05/25 12:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\D2-1.12A-enUS
    [2012/05/25 12:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\D2LOD-1.12A-enUS
    [2012/01/05 21:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
    [2012/07/13 14:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo III
    [2012/02/20 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
    [2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
    [2012/01/06 17:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
    [2012/01/04 11:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2009/03/13 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\eula
    [2012/01/05 23:22:51 | 000,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair
    [2012/07/12 18:29:54 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy
    [2012/01/06 16:17:12 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
    [2012/01/06 01:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2012/01/04 11:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\gs
    [2012/07/17 20:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\HitmanPro
    [2012/02/22 17:53:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2012/07/12 08:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2012/05/06 14:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\Investintech.com Inc
    [2012/07/08 15:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2012/07/08 15:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2012/05/14 16:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2011/12/24 16:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\LockHunter
    [2009/03/13 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\main
    [2012/07/17 19:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/04 20:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2012/05/25 22:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Chart Controls
    [2012/07/17 12:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2012/01/07 17:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2012/05/10 02:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2012/01/04 21:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2012/01/07 17:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2012/01/07 16:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2012/07/19 08:03:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2012/07/19 08:32:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
    [2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/03/13 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\msi
    [2012/01/07 17:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2012/01/24 20:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Nem's Tools
    [2012/01/10 12:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
    [2012/05/14 16:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2012/01/04 16:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
    [2012/05/14 16:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
    [2012/06/19 19:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Origin
    [2012/01/06 16:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\Origin Games
    [2012/07/08 14:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2012/01/06 11:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Razer
    [2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2012/01/15 18:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\RoadKill
    [2012/01/07 17:23:43 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2012/01/10 12:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
    [2009/03/13 12:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Setup
    [2009/03/13 11:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\SetupRes
    [2012/04/23 09:07:31 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2012/02/05 14:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2012/07/20 12:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
    [2012/01/24 20:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\StudioCompiler
    [2009/03/13 11:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\support
    [2009/07/13 21:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2012/05/22 12:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2012/01/13 19:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentBar
    [2012/02/20 21:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2012/01/06 12:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2012/05/10 12:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2012/05/20 02:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
    [2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2012/01/06 12:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2011/12/24 20:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Virtual PC
    [2011/12/24 20:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows XP Mode
    [2012/01/04 11:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2012/01/04 12:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

    < %appdata%\*.* >
    [2012/01/16 19:25:55 | 000,000,132 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/01/27 16:03:24 | 000,000,132 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2012/07/12 20:50:09 | 000,139,152 | ---- | M] () -- C:\Users\Tesher\AppData\Roaming\PnkBstrK.sys

    < MD5 for: AFD.SYS >
    [2011/04/24 19:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
    [2010/11/20 01:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
    [2010/11/20 00:40:04 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
    [2008/01/20 19:22:25 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows.old\Windows\System32\drivers\afd.sys
    [2008/01/20 19:22:25 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
    [2011/04/24 19:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
    [2011/04/24 19:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
    [2011/04/24 19:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
    [2011/04/24 20:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
    [2009/07/13 16:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 19:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
    [2008/01/20 19:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/20 19:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\MGtools\temp\ERDNT\atapi.sys
    [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
    [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
    [2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
    [2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\System32\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
    [2008/01/20 19:22:43 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows.old\Windows\System32\cryptsvc.dll
    [2008/01/20 19:22:43 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
    [2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2010/11/20 04:18:26 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\ERDNT\cache\cryptsvc.dll
    [2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2010/11/20 04:18:26 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2010/11/20 05:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
    [2010/11/20 04:18:34 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
    [2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
    [2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
    [2011/03/02 22:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
    [2011/03/02 22:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
    [2009/07/13 18:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
    [2011/03/02 22:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll
    [2008/01/20 19:22:36 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows.old\Windows\System32\dnsrslvr.dll
    [2008/01/20 19:22:36 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2008/01/20 19:22:19 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows.old\Windows\System32\es.dll
    [2008/01/20 19:22:19 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\Tesher\AppData\Local\temp\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\ERDNT\cache\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [2008/01/20 19:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\explorer.exe
    [2008/01/20 19:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
    [2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll
    [2008/01/20 19:22:17 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows.old\Windows\System32\ipnathlp.dll
    [2008/01/20 19:22:17 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 01:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
    [2010/11/20 00:39:46 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
    [2010/11/20 00:39:46 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
    [2008/01/20 19:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows.old\Windows\System32\drivers\netbt.sys
    [2008/01/20 19:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
    [2009/07/13 16:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\ERDNT\cache\netman.dll
    [2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
    [2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll
    [2008/01/20 19:22:19 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows.old\Windows\System32\netman.dll
    [2008/01/20 19:22:19 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

    < MD5 for: QMGR.DLL >
    [2008/01/20 19:23:10 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows.old\Windows\System32\qmgr.dll
    [2008/01/20 19:23:10 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
    [2009/07/13 18:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
    [2010/11/20 04:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\ERDNT\cache\qmgr.dll
    [2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll
    [2010/11/20 04:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
    [2010/11/20 04:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2008/01/20 19:22:14 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows.old\Windows\System32\rpcss.dll
    [2008/01/20 19:22:14 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
    [2010/11/20 04:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\ERDNT\cache\rpcss.dll
    [2010/11/20 05:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
    [2010/11/20 04:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
    [2010/11/20 04:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
    [2009/07/13 18:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
     
  15. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    < MD5 for: SERVICES.EXE >
    [2008/01/20 19:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows.old\Windows\System32\services.exe
    [2008/01/20 19:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
    [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009/07/13 18:14:36 | 000,259,072 | ---- | M] () Unable to obtain MD5 -- C:\FRST\Quarantine\services.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/20 19:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\System32\svchost.exe
    [2008/01/20 19:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/04/24 21:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
    [2011/09/29 09:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
    [2011/04/24 21:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
    [2009/07/13 18:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
    [2010/11/20 05:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
    [2010/11/20 04:30:14 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
    [2011/09/29 09:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
    [2012/03/30 03:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
    [2011/09/29 08:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
    [2011/09/29 09:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\ERDNT\cache\tcpip.sys
    [2011/09/29 09:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
    [2011/04/24 23:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
    [2012/03/30 03:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 03:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
    [2011/04/24 21:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
    [2012/03/30 02:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
    [2012/03/30 03:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
    [2008/01/20 19:23:13 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
    [2008/01/20 19:23:13 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys

    < MD5 for: TDX.SYS >
    [2010/11/20 00:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\ERDNT\cache\tdx.sys
    [2010/11/20 01:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
    [2010/11/20 00:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
    [2010/11/20 00:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
    [2009/07/13 16:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
    [2008/01/20 19:23:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows.old\Windows\System32\drivers\tdx.sys
    [2008/01/20 19:23:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2008/01/20 19:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
    [2008/01/20 19:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
    [2009/07/13 18:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
    [2008/01/20 19:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows.old\Windows\System32\drivers\volsnap.sys
    [2008/01/20 19:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
    [2008/01/20 19:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows.old\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
    [2010/11/20 05:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
    [2010/11/20 04:30:18 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
    [2010/11/20 04:30:18 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
    [2010/11/20 04:30:18 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2008/01/20 19:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
    [2008/01/20 19:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
    [2008/01/20 19:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
    [2008/01/20 19:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2008/01/20 19:23:10 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows.old\Windows\System32\wbem\WMIsvc.dll
    [2008/01/20 19:23:10 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WMIsvc.dll
    [2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
    [2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
    [2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2008/01/20 19:21:47 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows.old\Windows\System32\wscsvc.dll
    [2008/01/20 19:21:47 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\wscsvc.dll
    [2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
    [2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
    [2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
    [2010/12/20 22:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
    [2010/12/20 22:29:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

    ========== Files - Unicode (All) ==========
    [2011/12/25 18:00:31 | 000,010,127 | ---- | C] ()(C:\Users\Tesher\Documents\Coß?L.docx) -- C:\Users\Tesher\Documents\CoßλL.docx
    [2008/04/09 20:18:27 | 000,010,127 | ---- | M] ()(C:\Users\Tesher\Documents\Coß?L.docx) -- C:\Users\Tesher\Documents\CoßλL.docx

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CB0AACC9

    < End of report >
     
  16. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    EXTRAS:

    OTL Extras logfile created on: 7/20/2012 1:08:32 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tesher\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.30% Memory free
    6.49 Gb Paging File | 5.44 Gb Available in Paging File | 83.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397.25 Gb Total Space | 474.97 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
    Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

    Computer Name: TESHER-PC | User Name: Tesher | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4650F3BF-F9ED-45AB-00A3-C927351E177F}" = Madden NFL 08
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6C6ED584-9F75-4235-8718-1F35B59814E8}" = Mamba Firmware Updater 1.13
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
    "{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
    "{8537ABE9-DCE4-4149-A0B4-9926E449AD01}" = ESET NOD32 Antivirus
    "{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}" = Razer Mamba
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1" = Able2Extract Professional 7.0
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF3BA6A1-7FB1-4720-B911-942DA28C0811}" = Autodesk 3ds Max 2010 32-bit Additional Files (2010.06.08)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
    "ALchemy" = Creative ALchemy
    "AudioCS" = Creative Audio Control Panel
    "Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Console Launcher" = Creative Console Launcher
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties" = Creative Sound Blaster Properties
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "DivX Setup" = DivX Setup
    "Free Window Registry Repair" = Free Window Registry Repair
    "GCFScape_is1" = GCFScape 1.8.2
    "GPL Ghostscript 9.04" = GPL Ghostscript
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Origin" = Origin
    "Picasa 3" = Picasa 3
    "PremElem40" = Adobe Premiere Elements 4.0
    "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
    "PunkBusterSvc" = PunkBuster Services
    "SFBM" = SoundFont Bank Manager
    "Steam App 10170" = Wolfenstein
    "Steam App 102600" = Orcs Must Die!
    "Steam App 105450" = Age of Empires® III: Complete Collection
    "Steam App 105600" = Terraria
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 107800" = Rochard
    "Steam App 109410" = Brawl Busters
    "Steam App 113200" = The Binding of Isaac
    "Steam App 12160" = Midnight Club II
    "Steam App 19900" = Far Cry 2
    "Steam App 200210" = Realm of the Mad God
    "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
    "Steam App 203770" = Crusader Kings II
    "Steam App 203810" = Dear Esther
    "Steam App 20540" = Company of Heroes: Tales of Valor
    "Steam App 2100" = Dark Messiah Might and Magic Single Player
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 2400" = The Ship
    "Steam App 24240" = PAYDAY: The Heist
    "Steam App 24860" = Battlefield 2
    "Steam App 25890" = Hearts of Iron III
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
    "Steam App 40400" = AI War: Fleet Command
    "Steam App 42170" = Krater
    "Steam App 43110" = Metro 2033
    "Steam App 48000" = LIMBO
    "Steam App 57300" = Amnesia: The Dark Descent
    "Steam App 6850" = Hitman 2: Silent Assassin
    "Steam App 6860" = Hitman: Blood Money
    "Steam App 6900" = Hitman: Codename 47
    "Steam App 8190" = Just Cause 2
    "StudioCompiler" = StudioCompiler v0.4A
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "VLC media player" = VLC media player 2.0.1
    "VTFEdit_is1" = VTFEdit 1.3.3
    "WaveStudio 7" = Creative WaveStudio 7
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/12/2012 2:11:10 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:11:10.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:12:22 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:12:22.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:13:33 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:13:33.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:14:44 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:14:44.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:15:57 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:15:57.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:17:10 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:17:10.332]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:18:22 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:18:22.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:19:33 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:19:33.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:20:44 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:20:44.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:21:57 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:21:57.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    Error - 7/12/2012 2:23:10 PM | Computer Name = Tesher-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2012/07/12 11:23:10.331]: [00001024]: SendSKeySettingToDevice::
    Snmp Load Error[-1] To[192.168.1.65]

    [ OSession Events ]
    Error - 1/16/2012 3:03:21 PM | Computer Name = Tesher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
    lasted 610 seconds with 480 seconds of active time. This session ended with a crash.

    Error - 2/21/2012 4:07:09 AM | Computer Name = Tesher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
    lasted 22379 seconds with 1260 seconds of active time. This session ended with
    a crash.

    Error - 6/10/2012 11:04:44 PM | Computer Name = Tesher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1547
    seconds with 480 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
    Description = The epfwwfpr service depends the following service: BFE. This service
    might not be installed.

    Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
    Description = The SBSD Security Center Service service depends the following service:
    wscsvc. This service might not be installed.

    Error - 7/20/2012 3:59:58 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/20/2012 4:00:10 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7003
    Description = The epfwwfpr service depends the following service: BFE. This service
    might not be installed.

    Error - 7/20/2012 4:00:28 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/20/2012 4:00:28 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/20/2012 4:32:01 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/20/2012 4:32:01 PM | Computer Name = Tesher-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    It's okay. That services.exe is in Quarantine, meaning it is locked. It can no longer infect the computer. But, I've got it included in the fixes here...

    Please run OTL
     
  18. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    All processes killed
    ========== OTL ==========
    C:\FRST\Quarantine\services.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
    C:\Program Files\uTorrentBar\prxtbuTo0.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Prefs.js: "uTorrentBar Customized Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=" removed from keyword.URL
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
    C:\Users\Tesher\AppData\Roaming\Mozilla\Firefox\Profiles\1mp7cys1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
    File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tesher
    ->Temp folder emptied: 100334638 bytes
    ->Temporary Internet Files folder emptied: 7085506 bytes
    ->Java cache emptied: 722653 bytes
    ->FireFox cache emptied: 1156375295 bytes
    ->Flash cache emptied: 59904 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 26204359 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2765482 bytes

    Total Files Cleaned = 1,234.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07212012_112756

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  19. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    Also, my antivirus still has the error, so I went to check services.msc to see if I was missing files, and apparently the "Basic Filtering Engine" is missing for ESET NOD32, and my "Windows Update service" is missing from the list. Are these caused by the virus? So in turn I am unable to run my Windows Update at all.
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    May very well be. We'll continue fixes...

    Please run Panda ActiveScan online scan.
    • Choose Quick Scan then click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply
     
  21. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-07-22 16:30:01
    PROTECTIONS: 1
    MALWARE: 0
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ESET NOD32 Antivirus 5.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\mgtools.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

    So I guess I'm virus-free, but my ESET NOD32 and Windows Update are still not working.
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Do you have a backup download of the ESET software, with a disc or online account?

    What about the service key?
     
  23. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    I could probably re-download it online, but what about the Windows Update then?
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    For the ESET software, I can see that reinstalling it should repair the issue...but the protection is still active and working according to the Panda ActiveScan log above.

    Now, I would like for you to run a test for me...

    Please test your DNS Resolution by visiting here: http://www.dns-ok.us/

    Tell me if that is green or not...

    Also for this site: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

    Tell me if you see all six images at the top...
     
  25. tesher07

    tesher07 TS Rookie Topic Starter Posts: 26

    Says it can no longer determine if your computer is infected as the servers were deactivated on July 9.

    Also I see all six images.

    I might just follow the instructions to replace the missing files in services.msc.
     
Topic Status:
Not open for further replies.
